Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add an Ansible playbook to deploy the management hub all-in-one. #148

Open
loudonlune opened this issue Jun 8, 2023 · 2 comments
Open
Assignees
Labels
enhancement New feature or request

Comments

@loudonlune
Copy link

The proposed change would add an Ansible playbook and role to install, uninstall, and manage the management hub. This would wrap the existing "deploy-mgmt-hub.sh" script. The Ansible role would also provide utilities to manage organizations and users through the exchange API. The configuration for the Ansible role may be given as an environment file, a YAML document, or as a combination of the two.

Users and orgs will be declared in YAML, and the playbook will ensure that users and groups declared in the file exist when it is run. Users and orgs not present in the file will be cleaned up.

The purpose of this is to enable end users to maintain an inventory of one or more management hub instances in a declarative manner.

@joewxboy
Copy link
Member

@bencourliss @naphelps @dlarson04 FYI ... these Ansible playbook files will help with user management, all-in-one hub installation and updates, and in theory, agent installation. Hopefully we'll get a PR to start testing within a week. Any requirements or expectations? For example ... when managing user accounts, should it be able to re-create them from a configuration, or would we expect to only add them interactively one at a time so that passwords are not stored in a file? Or should we be using Ansible Secrets for those?

@joewxboy joewxboy added the enhancement New feature or request label Jan 29, 2024
@loudonlune
Copy link
Author

Most of the Ansible facts related to users and other secrets (like vault unseal keys) should be stored in an Ansible vault.
When the role generates a new install configuration, it doesn't store the secrets in a vault by default. The user needs to do that step themselves.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants